CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6189 – Improper Permission Handling in M-Files Server
https://notcve.org/view.php?id=CVE-2023-6189
Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods. Las comprobaciones de permisos de acceso faltantes en el servidor M-Files anteriores a 23.11.13156.0 permiten a los atacantes realizar trabajos de escritura y exportación de datos utilizando los métodos API de M-Files. • https://https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6189 https://product.m-files.com/security-advisories/cve-2023-6189 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6117 – M-Files REST API allows Denial of Service
https://notcve.org/view.php?id=CVE-2023-6117
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the Rest API methods of the M-Files server before 23.11.13156.0 which allows attackers to execute DoS attacks. Se detectó una posibilidad de consumo no deseado de memoria del servidor a través de las funcionalidades obsoletas en los métodos Rest API del servidor M-Files anteriores a 23.11.13156.0, lo que permite a los atacantes ejecutar ataques DoS. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6117 https://product.m-files.com/security-advisories/cve-2023-6117 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5524 – M-Files Web Companion allows Remote Code Execution for some filetypes
https://notcve.org/view.php?id=CVE-2023-5524
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types Lista negra insuficiente en M-Files Web Companion antes de la versión 23.10 y en las versiones de lanzamiento del servicio LTS anteriores a 23.8 LTS SR1 permite la ejecución remota de código a través de tipos de archivos específicos • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5524 https://product.m-files.com/security-advisories/cve-2023-5524 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5523 – M-Files Web Companion allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-5523
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution Ejecución de falla de contenido descargado en M-Files Web Companion antes de la versión 23.10 y versiones de lanzamiento del servicio LTS anteriores a 23.8 LTS SR1 permite la ejecución remota de código • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-5523 https://product.m-files.com/security-advisories/cve-2023-5523 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2325 – Stored XSS Vulnerability in M-Files Classic Web
https://notcve.org/view.php?id=CVE-2023-2325
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en las versiones M-Files Classic Web anteriores a 23.10 y LTS Service Release Versions anteriores a 23.2 LTS SR4 y 23.8 LTS SR1 permite al atacante ejecutar scripts en el navegador de los usuarios a través de un documento HTML almacenado. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325 https://product.m-files.com/security-advisories/cve-2023-2325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •